S3 Bucket List reveals top-level object names

The Situation

Customer is building a bucket that ingests data from outside multiple customers. If we call it "ingest-bucket" their intent is to use a folder structure with one folder per customer. The intended structure is something like this:

• ingest-bucket/customer1/data1.log
• ingest-bucket/customer1/data2.log
• ingest-bucket/customer2/data1.log
• ingest-bucket/customer2/data2.log
• ingest-bucket/customer3/data1.log
• ingest-bucket/customer3/data2.log

...and so on...

The Task

They have tried to give a third party access to just the ingest folder that corresponds to them. Imagine this is an engineer from customer2. It appears that they need to grant S3:ListBucket in order to allow them to read and download the files.

The Problem

The problem is that when customer2 does a ListBucket command, they can see the existence of the customer1 and customer3 folders. They don't have access to any objects inside those folders, but they can see the existence of the folder itself. This is a problem because Siemens doesn't want customer2 to see the folder named "customer1". It tells customer2 that customer1 is a Siemens customer and that's undesirable.

Possible Solution

Is there a solution to this? We decided to potentially use random names for this first-level folder, which anonymises the folder names. That's not great, but it's acceptable. Is there something I'm missing, though?

They've created an S3 bucket policy something like this:

{
    "Id": "bucket123456",
    "Statement": [{
        "Sid": "1",
        "Action": [   "s3:ListBucket" ],
        "Effect": "Allow",
        "Resource": "arn:aws:s3:::ingest-bucket",
        "Principal": {  "AWS": "arn:aws:iam::XXXXXXXXXXXX:user/src–iam-user"   }
    }, {
        "Sid": "2",
        "Action": ["s3:GetObject"],
        "Effect": "Allow",
        "Resource": "arn:aws:s3::: ingest-bucket/customer2/*",
        "Principal": {  "AWS": "arn:aws:iam::XXXXXXXXXXXX:user/src–iam-user"  }
    }]
}